January 1, 2017

Firewalls - block rather than scan

If you run a so-called “New Generation Firewall” it will probably have an IDS/IPS system that scans all traffic. This eats a lot of CPU and slows down your firewall. There are lots of reliable lists (blocklists) of IP addresses out there that you can use to drop traffic from the bad guys before it reaches the scanner, saving lots of CPU and increasing your throughput.

Research the lists you plan to use; a good place to start is FireHOL IP Lists. Make sure the listing and delisting policies of a list work for you.

The lists in FireHOL_Level1 are a good start. Make sure you update them regularly so they stay effective and you avoid false positives from stale entries.
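As an added example (not from the original post, and not FireHOL's own tooling), the script below takes a FireHOL-style `.netset` file, drops comments and malformed lines, and renders an nftables ruleset that discards listed sources in a prerouting chain at `raw` priority, which runs before conntrack and before any chain that hands packets to an IPS. The sample list, the set name `blocklist4` and the interface name `eth0` are constructed assumptions; feed it a real downloaded list and your own WAN interface in practice.

```shell
#!/bin/sh
# Added example: load a FireHOL-style netset into an nftables set that drops
# traffic before the IDS/IPS sees it. Interface and set names are assumptions.

WAN_IF="${WAN_IF:-eth0}"     # assumed WAN-facing interface
SET_NAME="blocklist4"        # assumed nftables set name

# Constructed sample in .netset format (comments, blank lines, bare addresses,
# CIDR prefixes and one junk line). Not real blocklist data.
SAMPLE_NETSET='# constructed sample list, not real data
#
# Maintainer: example

192.0.2.0/24
198.51.100.7
203.0.113.128/25
not-an-address
10.0.0.0/8
'

# Read a netset on stdin; emit one validated IPv4 address or prefix per line.
# Comments, blank lines, bad octets and malformed entries are dropped.
parse_netset() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
    | awk -F'[./]' '$1<=255 && $2<=255 && $3<=255 && $4<=255 { print $0 }'
}

# Count entries in RFC 1918 space. Lists built from bogon feeds can contain
# these, so the drop rule is bound to the WAN interface only; applying it to
# every interface would cut off the LAN.
count_private() {
    grep -cE '^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)'
}

# Render an nftables ruleset: an interval set holding the prefixes and a drop
# rule in a prerouting chain at raw priority (-300), ahead of conntrack and of
# any forward/input chain that queues packets to an IPS via nfqueue.
render_nft() {
    elems=$(parse_netset | paste -s -d ',' -)
    printf 'table inet filter_pre {\n'
    printf '    set %s {\n' "$SET_NAME"
    printf '        type ipv4_addr\n'
    printf '        flags interval\n'
    [ -n "$elems" ] && printf '        elements = { %s }\n' "$elems"
    printf '    }\n'
    printf '    chain prerouting {\n'
    printf '        type filter hook prerouting priority raw; policy accept;\n'
    printf '        iifname "%s" ip saddr @%s counter drop\n' "$WAN_IF" "$SET_NAME"
    printf '    }\n'
    printf '}\n'
}

# Demo on the constructed sample. With a real list, replace the printf with
# the downloaded file, e.g.:  render_nft < firehol_level1.netset | nft -f -
printf '%s' "$SAMPLE_NETSET" | render_nft
```

Re-run the same pipeline from cron after each list update; `nft -f -` replaces the whole table atomically, so a refresh never leaves the set half-loaded, and the `counter` on the drop rule gives you a cheap way to see how much traffic the list is keeping away from the scanner.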

© Arnold Greyling 2023